From 8aa162d5b0ff03fb6f4d88faa56ce6cbcbc35f54 Mon Sep 17 00:00:00 2001 From: Hamish Willee Date: Mon, 23 Dec 2024 10:36:26 +1100 Subject: [PATCH] Apply suggestions from code review Co-authored-by: skyclouds2001 <95597335+skyclouds2001@users.noreply.github.com> --- .../web/http/headers/cross-origin-embedder-policy/index.md | 2 +- .../web/http/headers/cross-origin-opener-policy/index.md | 2 +- .../headers/permissions-policy/cross-origin-isolated/index.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/en-us/web/http/headers/cross-origin-embedder-policy/index.md b/files/en-us/web/http/headers/cross-origin-embedder-policy/index.md index 3f269c563148a25..85f610ec434a050 100644 --- a/files/en-us/web/http/headers/cross-origin-embedder-policy/index.md +++ b/files/en-us/web/http/headers/cross-origin-embedder-policy/index.md @@ -44,7 +44,7 @@ Cross-Origin-Embedder-Policy: unsafe-none | require-corp | credentialless Certain features, such as access to {{jsxref("SharedArrayBuffer")}} objects or using {{domxref("Performance.now()")}} with unthrottled timers, are only available if your document is {{domxref("Window.crossOriginIsolated","cross-origin isolated","","nocode")}}. -To use these these features in a document you will need to set the COEP header with a value of `require-corp` or `credentialless`, and the {{HTTPHeader("Cross-Origin-Opener-Policy")}} header to `same-origin`. +To use these features in a document, you will need to set the COEP header with a value of `require-corp` or `credentialless`, and the {{HTTPHeader("Cross-Origin-Opener-Policy")}} header to `same-origin`. In addition the feature must not be blocked by {{HTTPHeader("Permissions-Policy/cross-origin-isolated","Permissions-Policy: cross-origin-isolated")}}. ```http diff --git a/files/en-us/web/http/headers/cross-origin-opener-policy/index.md b/files/en-us/web/http/headers/cross-origin-opener-policy/index.md index 10ec5c3ab538210..89ff173e09d1514 100644 --- a/files/en-us/web/http/headers/cross-origin-opener-policy/index.md +++ b/files/en-us/web/http/headers/cross-origin-opener-policy/index.md @@ -139,7 +139,7 @@ The table below shows the opener behaviour for the different directive values. Certain features, such as access to {{jsxref("SharedArrayBuffer")}} objects or using {{domxref("Performance.now()")}} with unthrottled timers, are only available if your document is {{domxref("Window.crossOriginIsolated","cross-origin isolated","","nocode")}}. -To use these these features in a document you will need to set the COOP header to `same-origin` and the {{HTTPHeader("Cross-Origin-Embedder-Policy")}} header to `require-corp` (or `credentialless`). +To use these features in a document, you will need to set the COOP header to `same-origin` and the {{HTTPHeader("Cross-Origin-Embedder-Policy")}} header to `require-corp` (or `credentialless`). In addition the feature must not be blocked by {{HTTPHeader("Permissions-Policy/cross-origin-isolated","Permissions-Policy: cross-origin-isolated")}}. ```http diff --git a/files/en-us/web/http/headers/permissions-policy/cross-origin-isolated/index.md b/files/en-us/web/http/headers/permissions-policy/cross-origin-isolated/index.md index 92e36eb2ce88372..fcdef1707df5c43 100644 --- a/files/en-us/web/http/headers/permissions-policy/cross-origin-isolated/index.md +++ b/files/en-us/web/http/headers/permissions-policy/cross-origin-isolated/index.md @@ -9,9 +9,9 @@ browser-compat: http.headers.Permissions-Policy.cross-origin-isolated {{HTTPSidebar}} {{SeeCompatTable}} -The HTTP {{HTTPHeader("Permissions-Policy")}} header `cross-origin-isolated` directive controls whether the current document is allowed to use {{domxref("Window.crossOriginIsolated", "APIs that require cross-origin isolation", "", 1)}}. +The HTTP {{HTTPHeader("Permissions-Policy")}} header `cross-origin-isolated` directive controls whether the current document is allowed to use APIs that require {{domxref("Window.crossOriginIsolated", "cross-origin isolation", "", "nocode")}}. -Specifically, where a defined policy blocks use of this feature, the {{domxref("Window.crossOriginIsolated")}} and {{domxref("WorkerGlobalScope.crossOriginIsolated")}} properties will always return `false`, and the document will not benefit from reduced restrictions on the use of some APIs that are granted only to cross-origin-isolated documents. +Specifically, where a defined policy blocks use of this feature, the {{domxref("Window.crossOriginIsolated")}} and {{domxref("WorkerGlobalScope.crossOriginIsolated")}} properties will always return `false`, and the document will not benefit from reduced restrictions on the use of some APIs that are granted only to cross-origin isolated documents. This is true regardless of the {{HTTPHeader("Cross-Origin-Embedder-Policy")}} and {{HTTPHeader("Cross-Origin-Opener-Policy")}} headers, and whether the document would have been cross-origin isolated had the permission been granted. The APIs that require this permission include the use of {{jsxref("SharedArrayBuffer")}} objects and {{domxref("Performance.now()")}} with unthrottled timers — see {{domxref("Window.crossOriginIsolated")}} for information about other restricted APIs.